Web Services Encryption and Data Integrity

For the proper functioning of Web services, encryption and data integrity on the network are essential. Standard SSL encryption using HTTPS allows point-to-point data privacy between Web service consumers and service providers. However, in many cases, the service provider may not be the ultimate destination for the message. A service provider may act as a service requestor, sending pieces of information to multiple services. The XML Encryption standard permits encryption of portions of the message allowing header information to be used for routing purposes while leaving the sensitive payload encrypted. Sensitive information can then be left encrypted to the ultimate destination, allowing true end-to-end data privacy.

Web Services Attachments: Unwanted Viruses

One challenge with encryption is virus detection. Web Service traffic may include attachments. When content is encrypted, viruses that may be a part of the message are also encrypted. This makes it difficult for a virus checking program to detect malware. When using encrypted data, virus checking can be performed at the destination or by an intermediary that can decrypt the data to be virus scanned and re-encrypted for transport.

Signatures and Non-Repudiation

As more systems communicate with each other, particularly across enterprises, there is more need for data integrity. How can you ensure that the message you received is valid and has not been tampered with? Digital signatures can be used to sign documents. A service requestor can sign a document with the sender's private key and send it along with the payload of the message. The service provider can then verify the signature with the sender's public key to see if any portion of the document has been compromised. Thus systems can ensure data integrity when communicating with each other.

The XML Signature standard provides a means for signing parts of XML documents, providing end-to-end data integrity across multiple systems.

One key benefit of signing is the concept of non-repudiation. When transactions are performed, it is often a requirement to be able to prove that a particular action took place. With signatures, service providers can not only provide evidence that a document is valid but also record the message transactions into signed audit logs. Once an audit log has been signed it cannot be modified without significantly changing the signature. Note that hackers often modify audit logs in order to "cover their tracks" to avoid detection. Signed log files help prevent such situations.

When third party non-repudiation is required, digital receipts provide independent verification that specific transactions have occurred. Many vendors provide this capability and can integrate with your systems.

A Traditional Network Approach

One of the key simplicities of XML Web services is that traffic flows through port 80 and port 443 similar to standard Web site traffic. While this greatly simplifies traffic between multiple entities, it also opens up a new class of problems that are less understood. Firewalls do a good job of port monitoring and recognizing brute force malicious attack but are not good at being able to view the content of messages in order to detect and prevent more sophisticated security compromises. Most firewalls can recognize SOAP messages but view it as well-formed HTTP traffic. Often firewalls can be configured to just allow or disallow SOAP traffic.

Web services interfaces are much more complex than Web site interfaces which exchange HTML pages and forms. SOAP interfaces are software APIs and can expose much more functionality. A packaged application for instance may have hundreds or thousands of critical operations exposed, all accessible through port 80.

In addition, an attacker has more information available to them. WSDL files and UDDI entries can provide detailed information that enable a hacker to gain entry. The message format is in XML format, which is self-describing and clearly show the data elements. While attacks on Web services will become more sophisticated, more information is available to security systems to detect and deter problems.

The bottom line is that XML Web services traffic includes more information that can be processed for activity, pattern recognition and auditing – making it inherently less secure. Security and monitoring tools being built need to be able to keep up with the constant advances in hacking.

For More Information

Learn more about Web services, encryption and data integrity in the context of an overall Web services management plan: download the free webinar, SOA Governance: Where the Rubber Meets the Runtime